A method, system and apparatus that advantageously provide a security protocol for data security. The apparatus includes a random number generator for generating random numbers and a share calculator in communication with the random number generator, the share calculator processes the data to generate one or more encoded data shares where the processing is based at least in part on the random numbers. The apparatus may further include a router that routes the encoded data shares, a switching fabric and associated logic. The data security system includes one or more storage devices that store client data and a splitter that controls access to the client data stored on the one or more storage devices where the splitter apparatus encodes at least a portion of the client data that is stored on the one or more storage devices.
Legal claims defining the scope of protection, as filed with the USPTO.
1. An apparatus for data security, the apparatus comprising: a random number generator generating random numbers; a share calculator in communication with the random number generator, the share calculator selecting a random polynomial to generate one or more encoded data shares based at least in part on the random numbers; the share calculator encoding based at least in part on a Rabin polynomial model that encodes client data in at least one constant coefficient of the random polynomial; the share calculator discarding the random polynomial after generating the one or more encoded data shares; and the share calculator constructing a second random polynomial based on the one or more encoded data shares, the second random polynomial being used to reconstruct client data.
2. The apparatus of claim 1 , further comprising a router in communication with the share calculator, the router routing the one or more encoded data shares.
3. A data security system, the system comprising: one or more storage devices, the one or more storage devices storing client data; a share calculator, the share calculator providing access to the client data stored on the one or more storage devices, the share calculator selecting a random polynomial to encode at least a portion of the client data that is stored on the one or more storage devices; the share calculator encoding based at least in part on a Rabin polynomial model that encodes the at least the portion of the client data in at least one constant coefficient of the random polynomial; the share calculator discarding the random polynomial after encoding at least a portion of the client data that is stored on the one or more storage devices; and the share calculator constructing a second random polynomial based on the encoded client data, the second random polynomial being used to reconstruct the client data.
4. The system of claim 3 , wherein the share calculator is located on a network path between one or more client devices and the one or more storage devices.
5. The system of claim 3 , wherein the share calculator communicates encoded client data sent from one or more client devices to the one or more storage devices.
6. A method for securing data in storage devices on a network, the method comprising: generating at least one random number; selecting a random polynomial based in part on the at least one random number; encoding at least a portion of the data to generate encoded data shares, the encoding being based at least in part on the random polynomial and a Rabin polynomial model that encodes the at least the portion of the data in at least one constant coefficient of the random polynomial; discarding the random polynomial after generating the encoded data shares; storing the encoded data shares in a plurality of data storage devices, the plurality of data storage devices being non-transitory storage devices; and constructing a second random polynomial based on the encoded data shares, the second random polynomial being used to reconstruct the at least the portion of the data.
7. The method for securing data of claim 6 , further comprising: routing the encoded data shares to the plurality of data storage devices.
8. The method for securing data of claim 6 , further comprising: providing access to the stored encoded data shares.
9. The method for securing data of claim 6 , further comprising: providing access to a network path between one or more client devices and the plurality of data storage devices.
10. The method for securing data of claim 6 , further including: determining a number of encoded data shares based on a number of available storage devices for receiving the encoded data shares; retrieving a plurality of the stored encoded data shares from the storage devices; and comparing the number of retrieved stored encoded data shares to a preset reconstruction threshold factor, the preset reconstruction threshold factor indicating each of the retrieved stored encoded data shares are uncorrelated with the at least a portion of the data when the number of retrieved stored encoded data shares is less than the preset reconstruction threshold factor.
11. The method for securing data of claim 10 , further comprising accepting a data reconstruction of the plurality of the stored encoded data shares conditioned upon the number of retrieved stored encoded data shares being greater than the preset reconstruction threshold factor.
12. The method for securing data of claim 6 , further comprising: transporting encoded data shares along a first communication path of a network; and storing a portion of the encoded data shares along a second communication path of the network.
13. The method for securing data of claim 12 , wherein the storing a portion of the encoded data shares along a second path of the network includes storage in a physically detachable storage device.
14. The method for securing data of claim 12 , further comprising using a second splitter to decode the encoded data shares that are stored on the one or more storage devices.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
August 16, 2007
April 10, 2012
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.